mirror of
https://github.com/bluxmit/alnoda-workspaces.git
synced 2024-09-30 09:16:14 +13:00
123 lines
4.9 KiB
Markdown
123 lines
4.9 KiB
Markdown
# Utilities
|
|
|
|
## Running workspace on server in cloud
|
|
|
|
There are many benefits of using workspace in cloud, some of them:
|
|
|
|
- you can use workspace on any device with internet access, even on tablet
|
|
- it is great for collaboration (anyone can work together with you)
|
|
- you have access to more poverful machine
|
|
- you can use workspace for long-running or periodic jobs
|
|
|
|
There are 2 security considerations to be taken into accont, using workspace in cloud:
|
|
|
|
1. encrypted https connection
|
|
2. authentication
|
|
|
|
To enable https and auth for workspace, one can add reverse proxy to the workspace deployment.
|
|
The utility `remote.py` generates all what's needed to run workspace on cloud server behind reverse proxy.
|
|
This utility generates certificates, traefik config and docker-compose file
|
|
|
|
```
|
|
python remote.py --workspace="base-workspace" --port="8020" --host="68.183.69.198" --user="user1" --password="pass1"
|
|
```
|
|
|
|
**IMPORTANT: the best is to execute this python script inside worrkspace in docker, whick runs on local laptop**
|
|
|
|
The following 4 arguments must be provided:
|
|
- --workspace - name of the workspace (all lowercase)
|
|
- --port - port ofor the workspace UI. Workspace will also take N consequent ports after this one. base-docker for example,
|
|
uses 10 ports
|
|
- --host - IP or hostname of the server where workspace will be deployed
|
|
- --user - any username
|
|
- --password - any password
|
|
|
|
After command is executed, the new folder `remote` is created in the same directory. Copy this folder to the remote server.
|
|
|
|
*Hint: in order to copy folder to remote, you start base workspace on remote with local volume mounted `docker run --name space-temp -v /home/tmp:/tmp -p 8020-8030:8020-8030 -e WRK_HOST="<ip-of-your-remote-server>" alnoda/base-workspace` copy and remove this workspace right after that.*
|
|
|
|
On the remote server ssh to this folder, and execute
|
|
|
|
```
|
|
docker-compose up -d
|
|
```
|
|
|
|
The workspace is running, and it is secured with https and user/password. Notice, that self-sined certificate is used, and browser will
|
|
deisplay a warning when you try to assess the workspace UI on `https://<ip-of-your-remote-server>:8020`. Agree to the warning and proceed.
|
|
|
|
|
|
## Serve Static Website
|
|
|
|
Web application should be deployed with domain name and over https. To have this we suggest to use docker-compose file.
|
|
|
|
### Example: generate and serve docs
|
|
|
|
Open terminal the workspace, which has UI, and build docs
|
|
|
|
> `cd /home/docs`
|
|
> `mkdocs build -d /home/static-server/doc`
|
|
|
|
You can check that static website is served by the static web server.
|
|
|
|
Ssh to the server where the workspace is running, and commit workspace to a new image. Assuming, workspace name `remote_workspace_1`
|
|
|
|
> `docker commit remote_workspace_1 docs:0.1`
|
|
|
|
Now we will run container from image docs:0.1, and add traefik reverse proxy with https. But before doing it, you need to buy domain name,
|
|
and set A record for your new domain to point to the IP of the server, where the docs are running
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
version: "3.3"
|
|
services:
|
|
traefik:
|
|
image: "traefik:v2.4"
|
|
container_name: "traefik"
|
|
command:
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
|
|
- "--certificatesresolvers.myresolver.acme.email=blackmaster@gmail.com"
|
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
|
ports:
|
|
- "443:443"
|
|
- "80:80"
|
|
volumes:
|
|
- "./letsencrypt:/letsencrypt"
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
|
|
workspace:
|
|
image: "docs:0.1"
|
|
container_name: "workspace"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.middlewares.httprepl.redirectregex.regex=^http://(.*)"
|
|
- "traefik.http.middlewares.httprepl.redirectregex.replacement=https://$${1}"
|
|
|
|
- "traefik.http.middlewares.add-context.redirectregex.regex=^https:\\/\\/([^\\/]+)\\/?$$"
|
|
- "traefik.http.middlewares.add-context.redirectregex.replacement=https://$$1/doc/pages/home/home/"
|
|
|
|
- "traefik.http.services.STATICFS_URLhttp.loadbalancer.server.port=8022"
|
|
- "traefik.http.routers.STATICFS_URLhttp.service=STATICFS_URL"
|
|
- "traefik.http.routers.STATICFS_URLhttp.rule=PathPrefix(`/`)"
|
|
- "traefik.http.routers.STATICFS_URLhttp.entrypoints=web"
|
|
- "traefik.http.routers.STATICFS_URLhttp.middlewares=httprepl"
|
|
|
|
- "traefik.http.services.STATICFS_URL.loadbalancer.server.port=8022"
|
|
- "traefik.http.routers.STATICFS_URL.service=STATICFS_URL"
|
|
- "traefik.http.routers.STATICFS_URL.rule=Host(`elnoda.org`)"
|
|
- "traefik.http.routers.STATICFS_URL.entrypoints=websecure"
|
|
- "traefik.http.routers.STATICFS_URL.middlewares=basic-auth"
|
|
- "traefik.http.routers.STATICFS_URL.tls=true"
|
|
- "traefik.http.routers.STATICFS_URL.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.STATICFS_URL.middlewares=add-context"
|
|
```
|
|
|
|
|
|
|
|
|